
<!doctype html>
<html lang="zh" class="no-js">
  <head>
    
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width,initial-scale=1">
      
        <meta name="description" content="Linux 和 Windows 应急响应技术手册">
      
      
        <meta name="author" content="NOP Team">
      
      
        <link rel="canonical" href="http://book.noptrace.com/">
      
      
      
        <link rel="next" href="linux/0.%E5%B0%81%E9%9D%A2/">
      
      
      <link rel="icon" href="logo.png">
      <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.6.15">
    
    
      
        <title>网络安全应急响应手册 — NOPTeam</title>
      
    
    
      <link rel="stylesheet" href="assets/stylesheets/main.342714a4.min.css">
      
      


    
    
      
    
    
      
        
        
        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
        <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
      
    
    
    <script>__md_scope=new URL(".",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
    
      

    
    
    
  </head>
  
  
    <body dir="ltr">
  
    
    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
    <label class="md-overlay" for="__drawer"></label>
    <div data-md-component="skip">
      
        
        <a href="#_1" class="md-skip">
          跳转至
        </a>
      
    </div>
    <div data-md-component="announce">
      
    </div>
    
    
      

  

    
    <div class="md-container" data-md-component="container">
      
      
        
      
      <main class="md-main" data-md-component="main">
        <div class="md-main__inner md-grid">
          
            
              
            
            
              
            
          
          
            <div class="md-content" data-md-component="content">
              <article class="md-content__inner md-typeset">
                
                  
<h1 id="_1">欢迎访问应急响应手册在线版 🚀<a class="headerlink" href="#_1" title="Permanent link">&para;</a></h1>
<hr />
<div class="admonition note">
<p class="admonition-title">镜像声明</p>
<p>本站镜像自 <a href="https://books.noptrace.com/">https://books.noptrace.com/</a> 应急响应手册，并使用国内 CDN 加速；如需访问原站，请点击上述链接。</p>
</div>

<p>&emsp;&emsp;我们团队专注于攻防对抗领域的知识普及。这是一个基于 MkDocs 搭建的在线网站，旨在提供更便捷的阅读体验。核心内容包括两本热门手册：《Linux 应急响应手册》和《Windows 应急响应手册》。</p>

<h2 id="_2">关于手册 📖<a class="headerlink" href="#_2" title="Permanent link">&para;</a></h2>
<div class="md-grid md-typeset">
  <div class="feature">
    <h3>手册特点</h3>
    <ul>
      <li><strong>专业全面</strong>：覆盖 Linux/Windows 常见安全事件</li>
      <li><strong>实战导向</strong>：提供可直接操作的解决方案</li>
      <li><strong>持续更新</strong>：跟随安全威胁演变定期更新</li>
    </ul>
  </div>
</div>
<h3 id="_3">快速入口<a class="headerlink" href="#_3" title="Permanent link">&para;</a></h3>
<p>点击下方链接直接进入手册首页：</p>
<ul>
<li><strong><a href="linux/0.%E5%B0%81%E9%9D%A2/">《Linux 应急响应手册》</a></strong></li>
<li><strong><a href="windows/0.%E5%B0%81%E9%9D%A2/">《Windows 应急响应手册》</a></strong></li>
</ul>
<hr />
<h2 id="pdf">下载 PDF 版本 📥<a class="headerlink" href="#pdf" title="Permanent link">&para;</a></h2>
<p>需离线阅读？从 GitHub 仓库免费获取最新 PDF：</p>
<ul>
<li><strong><a href="https://github.com/Just-Hack-For-Fun/Linux-INCIDENT-RESPONSE-COOKBOOK">《Linux 应急响应手册》</a></strong></li>
<li><strong><a href="https://github.com/Just-Hack-For-Fun/Windows-INCIDENT-RESPONSE-COOKBOOK">《Windows 应急响应手册》</a></strong></li>
</ul>
<p>仓库包含 PDF 手册、更新日志和用户反馈，欢迎 Star 支持我们！</p>
<h2 id="_4">联系我们 💬<a class="headerlink" href="#_4" title="Permanent link">&para;</a></h2>
<p>遇到问题、发现 Bug 或有优化建议？随时联系：</p>
<ul>
<li><strong>微信</strong>：<code>just_hack_for_fun</code></li>
</ul>
<p>我们重视每条反馈，会及时回复并更新手册。</p>
<hr />
<h2 id="_5">关注我们 🔗<a class="headerlink" href="#_5" title="Permanent link">&para;</a></h2>
<p>关注 <strong>NOP Team</strong> 公众号，获取安全资讯、更新通知和实战案例！</p>
<p><img alt="NOP Team 微信公众号二维码" src="./weixin.jpg" /></p>












                
              </article>
            </div>
          
          
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
        </div>
        
        
      </main>
      
        <footer class="md-footer">
  
    
      
    
  
  <div class="md-footer-meta md-typeset">
    <div class="md-footer-meta__inner md-grid">
      <div class="md-copyright">
  
    <div class="md-copyright__highlight">
      Copyright &copy; 2025 NOP Team
    </div>
  
  
  
</div>
      
    </div>
  </div>
</footer>
      
    </div>
    <div class="md-dialog" data-md-component="dialog">
      <div class="md-dialog__inner md-typeset"></div>
    </div>
    
    
    
      
      <script id="__config" type="application/json">{"base": ".", "features": ["content.code.copy", "navigation.footer", "navigation.tabs", "navigation.tabs.sticky", "navigation.top", "navigation.expand", "navigation.sections", "navigation.instant", "search.suggest", "search.highlight", "search.share", "content.code.select", "content.code.annotate", "content.code.download", "content.code.edit", "content.code.run", "content.code.tabs", "content.code.fold", "content.code.linenumbers", "content.code.sync", "content.images.lazy"], "search": "assets/javascripts/workers/search.d50fe291.min.js", "tags": null, "translations": {"clipboard.copied": "\u5df2\u590d\u5236", "clipboard.copy": "\u590d\u5236", "search.result.more.one": "\u5728\u8be5\u9875\u4e0a\u8fd8\u6709 1 \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.more.other": "\u5728\u8be5\u9875\u4e0a\u8fd8\u6709 # \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.none": "\u6ca1\u6709\u627e\u5230\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.one": "\u627e\u5230 1 \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.other": "# \u4e2a\u7b26\u5408\u6761\u4ef6\u7684\u7ed3\u679c", "search.result.placeholder": "\u952e\u5165\u4ee5\u5f00\u59cb\u641c\u7d22", "search.result.term.missing": "\u7f3a\u5c11", "select.version": "\u9009\u62e9\u5f53\u524d\u7248\u672c"}, "version": null}</script>
    
    
      <script src="assets/javascripts/bundle.56ea9cef.min.js"></script>
      
    
  </body>
</html>
